Known issues in Access Management

The following list describes issues that are known to exist in Access Management.

LDAP usage with IIS and Windows

If Access Management is installed as an IIS website and you are using a Windows identity provider, configuring another IdP for LDAP can produce errors. In some browsers, including Chrome, users will be unable to log in with their LDAP credentials, and the Access Management logs will show an "Unexpected authentication scheme" error.

As of Tridion Sites 10, you can avoid this issue by installing Access Management as a Windows service rather than as an IIS website. In this setup, you can use Windows and LDAP identity providers in parallel without errors.

Unable to log in to Access Management if the IdP is misconfigured

When you first install Access Management, access is anonymous and there is no security. When you complete the additional implementation steps, you secure Access Management by creating an identity provider that grants access to the appropriate users and by enabling HTTPS in the application's configuration file. If there is a problem with the IdP or access settings, you will be unable to log in to Access Management. As a workaround, temporarily set the ForceAnonymous parameter to true so that you can get in to troubleshoot and correct the problem. While it is true, anyone who can reach Access Management has unauthenticated access, so be sure to set it back to false as soon as the issue is corrected.

For more information on this parameter, see Access Management configuration reference.
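The workaround above is easy to apply and easy to forget to undo. The following PowerShell script is an added example, not part of the Tridion Sites product or its documentation: it flips ForceAnonymous with a timestamped backup of the configuration file, restarts the service, and provides an audit function that warns when the flag has been left at true. It assumes that the Access Management configuration file is a JSON file (appsettings.json) with a top-level "ForceAnonymous" key and that Access Management runs as a Windows service; the config path and service name below are placeholders that you must adjust for your installation.

```powershell
# Added example, not RWS/Tridion code.
# Assumptions: the config file is JSON with a top-level "ForceAnonymous" key,
# and Access Management runs as a Windows service. Both values are placeholders.
param(
    [string]$ConfigPath  = 'C:\AccessManagement\appsettings.json',   # placeholder path
    [string]$ServiceName = 'TridionAccessManagement',                # assumed service name
    [ValidateSet('Enable', 'Disable', 'Audit')]
    [string]$Action = 'Audit'
)

function Get-AmConfig {
    param([Parameter(Mandatory)][string]$Path)
    Get-Content -Path $Path -Raw -Encoding UTF8 | ConvertFrom-Json
}

function Set-ForceAnonymous {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][bool]$Value,
        [Parameter(Mandatory)][string]$Service
    )
    # Keep a copy so the original file (including its formatting) can be restored.
    $backup = '{0}.{1}.bak' -f $Path, (Get-Date -Format 'yyyyMMdd-HHmmss')
    Copy-Item -Path $Path -Destination $backup -ErrorAction Stop

    $cfg = Get-AmConfig -Path $Path
    if ($null -eq $cfg.PSObject.Properties['ForceAnonymous']) {
        $cfg | Add-Member -NotePropertyName 'ForceAnonymous' -NotePropertyValue $Value
    } else {
        $cfg.ForceAnonymous = $Value
    }
    $cfg | ConvertTo-Json -Depth 32 | Set-Content -Path $Path -Encoding UTF8

    # The setting is read at startup, so restart the instance that owns this file.
    Restart-Service -Name $Service -ErrorAction Stop
    Write-Host ("ForceAnonymous={0} written to {1} (backup: {2}); {3} restarted." -f $Value, $Path, $backup, $Service)
}

function Test-AccessManagementLocked {
    # Returns $true when ForceAnonymous is absent or false; warns loudly otherwise.
    param([Parameter(Mandatory)][string]$Path)
    $cfg = Get-AmConfig -Path $Path
    if ($cfg.ForceAnonymous -eq $true) {
        Write-Warning "ForceAnonymous is TRUE in $Path: Access Management accepts anonymous callers. Set it back to false."
        return $false
    }
    return $true
}

switch ($Action) {
    'Enable'  { Set-ForceAnonymous -Path $ConfigPath -Value $true  -Service $ServiceName }
    'Disable' { Set-ForceAnonymous -Path $ConfigPath -Value $false -Service $ServiceName }
    'Audit'   { if (Test-AccessManagementLocked -Path $ConfigPath) { 'OK: ForceAnonymous is false.' } }
}
```

Run it with -Action Enable before troubleshooting and -Action Disable immediately afterwards; scheduling -Action Audit (for example as a daily task) catches the case where someone forgot the second step. Two caveats: the JSON round trip through ConvertFrom-Json/ConvertTo-Json drops comments and reformats the file, so compare against the backup before relying on it (or edit the file by hand if it contains comments), and while ForceAnonymous is true the service should only be reachable from the administrator's machine, for instance by restricting it at the firewall for the duration of the troubleshooting.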

Login errors with a new IdP in a scaled-out Access Management environment

When you create a new identity provider and attempt to validate it, the system returns a 404 (page not found) error. The same error occurs when a user tries to log in with the new IdP.

This error can occur when Access Management runs in a scaled-out environment, that is, with multiple Access Management service instances behind a load balancer. It occurs because the authentication scheme for the new IdP has been saved by the instance that handled the request but has not yet been applied to the other instances. To resolve this, restart all of the Access Management instances so that they are all in sync.
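Restarting every instance by hand is where nodes get missed, which reproduces exactly the intermittent 404 described above. The following PowerShell script is an added example, not part of the Tridion Sites product or its documentation: it performs a rolling restart of Access Management on each node behind the load balancer, one node at a time so that a live instance is always available, and probes each node before moving on. It assumes WinRM access to every node and that Access Management runs either as a Windows service or in an IIS application pool; the node names, service name, application pool name and probe URL are placeholders you must replace.

```powershell
# Added example, not RWS/Tridion code.
# Assumptions: WinRM is enabled on every node; $ServiceName / $AppPool are the
# names used in your installation; $ProbeUrl is a URL on each node that returns
# HTTP 200 once the instance is up. All values below are placeholders.
$Nodes       = @('am-node01', 'am-node02', 'am-node03')   # placeholder host names
$ServiceName = 'TridionAccessManagement'                   # assumed Windows service name
$AppPool     = 'AccessManagement'                          # assumed IIS app pool name (IIS installs only)
$ProbeUrl    = 'https://{0}/'                              # placeholder; {0} is replaced by the node name

function Restart-AccessManagementNode {
    param(
        [Parameter(Mandatory)][string]$Node,
        [ValidateSet('Service', 'IIS')][string]$Mode = 'Service'
    )
    Invoke-Command -ComputerName $Node -ArgumentList $Mode, $ServiceName, $AppPool -ScriptBlock {
        param($Mode, $Svc, $Pool)
        if ($Mode -eq 'Service') {
            # Windows service install: restart the service and wait until it reports Running.
            Restart-Service -Name $Svc -ErrorAction Stop
            (Get-Service -Name $Svc).WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
        } else {
            # IIS install: recycling the application pool reloads the authentication schemes.
            Import-Module WebAdministration
            Restart-WebAppPool -Name $Pool
        }
        '{0}: restarted ({1})' -f $env:COMPUTERNAME, $Mode
    }
}

function Test-AccessManagementNode {
    # Returns $true when the node answers 200; a 404 or a connection failure returns $false.
    param([Parameter(Mandatory)][string]$Node)
    $url = $ProbeUrl -f $Node
    try {
        $response = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
        return ($response.StatusCode -eq 200)
    } catch {
        Write-Warning ('{0}: probe of {1} failed: {2}' -f $Node, $url, $_.Exception.Message)
        return $false
    }
}

# Rolling restart: one node at a time, and stop the rollout if a node does not come back.
foreach ($node in $Nodes) {
    Restart-AccessManagementNode -Node $node -Mode Service
    if (-not (Test-AccessManagementNode -Node $node)) {
        throw "$node did not come back healthy; stopping the rollout so that the remaining nodes keep serving."
    }
}
'All Access Management instances restarted.'
```

The probe only confirms that an instance is up again; after the rollout, repeat the IdP validation in the Access Management UI (or a test login through the load balancer, several times so that different instances are hit) to confirm that the 404 is gone on every node. If the load balancer supports draining, take each node out of rotation before restarting it and put it back only once the probe succeeds.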